Commit message (author, age, files, lines)
* Update VERSION to 11.10.7 [v11.10.7] (GitLab Release Tools Bot, 2019-06-26, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.10.7 (GitLab Release Tools Bot, 2019-06-26, 4 files, -15/+9)
|   [ci skip]
* Merge branch '11-10-stable-patch-7' into '11-10-stable' (Marin Jankovski, 2019-06-26, 6 files, -22/+25)
|\
| |   Prepare 11.10.7 release
| |   See merge request gitlab-org/gitlab-ce!30067
| * Merge branch 'fe-fix-gl-dropdown-scrolling-to-top' into 'master' (Fatih Acet, 2019-06-26, 2 files, -1/+6)
| |   Fix gl_dropdown scrolling to top on assignee click
| |   See merge request gitlab-org/gitlab-ce!29500
| |   (cherry picked from commit 2a29f910592e82d8f8d108e15497dd2fbbbb07ca)
| |   3130572f Fix gl_dropdown scrolling to top on assignee click
| * Merge branch '61246-fix-label-click-scroll-to-top' into 'master' (Fatih Acet, 2019-06-26, 2 files, -0/+10)
| |   Fix label click scrolling to top
| |   Closes #61246
| |   See merge request gitlab-org/gitlab-ce!29202
| |   (cherry picked from commit 92b06c13bd12abf85f6beb18b3b5c2f0e38c2760)
| |   c9c7fa7b Fix label click scrolling to top
| * Merge branch 'revert-git-depth-for-merge-request' into 'master' (Kamil Trzciński, 2019-06-26, 3 files, -22/+10)
| |   Revert a default GIT_DEPTH for MR pipeline
| |   See merge request gitlab-org/gitlab-ce!28926
| |   (cherry picked from commit 765917dc088bee52a3f95d76fc7f32d408a2af20)
| |   dbd62232 Revert a default GIT_DEPTH for MR pipeline
* | Merge branch 'pb-quarantine-size-check-11-10-ce' into '11-10-stable' (Marin Jankovski, 2019-06-26, 7 files, -4/+39)
|\ \
| |/
|/|
| |   Add client code to call GetObjectDirectorySize RPC
| |   See merge request gitlab-org/gitlab-ce!29843
| * Add client code to call GetObjectDirectorySize RPC [pb-quarantine-size-check-11-10-ce] (Patrick Bajao, 2019-06-25, 7 files, -4/+39)
|/
|   This includes the changes for GITALY_SERVER_VERSION and Gemfile
* Update VERSION to 11.10.6 [v11.10.6] (GitLab Release Tools Bot, 2019-06-04, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.10.6 (GitLab Release Tools Bot, 2019-06-04, 9 files, -40/+17)
|   [ci skip]
* Merge branch '11-10-stable-patch-6' into '11-10-stable' (John Jarvis, 2019-06-04, 31 files, -14/+159)
|\
| |   Prepare 11.10.6 release
| |   See merge request gitlab-org/gitlab-ce!28991
| * Merge branch 'sh-fix-related-merge-requests-path' into 'master' [11-10-stable-patch-6] (Rémy Coutable, 2019-06-03, 4 files, -1/+44)
| |   Use a path for the related merge requests endpoint
| |   Closes #61280
| |   See merge request gitlab-org/gitlab-ce!28171
| * Merge branch 'use-source-ref-name-in-webhook' into 'master' (Ash McKenzie, 2019-06-03, 3 files, -1/+15)
| |   Use source ref in pipeline webhook
| |   Closes #61553
| |   See merge request gitlab-org/gitlab-ce!28772
| |   (cherry picked from commit 2714f85c1287e560d38c8de9f1f17c3aa3d4c8df)
| |   7e05f3b7 Use source ref for pipeline webhook
| * Merge branch '60778-input-text-height' into 'master' (Filipa Lacerda, 2019-06-03, 3 files, -0/+10)
| |   Fix height of input groups
| |   Closes #61304, #61303, #59254, and #60778
| |   See merge request gitlab-org/gitlab-ce!28495
| |   (cherry picked from commit 52758b929fa71540f97cd241d1668ade795306a1)
| |   360646ea Fix height of input groups
| * Merge branch 'sh-fix-rugged-get-tree-entries-recursive' into 'master' (Douglas Barbosa Alexandre, 2019-06-03, 3 files, -1/+10)
| |   API: Fix recursive flag not working with Rugged get_tree_entries flag
| |   Closes #61979
| |   See merge request gitlab-org/gitlab-ce!28494
| |   (cherry picked from commit d951f047198d3ee03604fb64f6ad96efae6cba54)
| |   c1827f1c API: Fix recursive flag not working with Rugged get_tree_entries flag
| * Merge branch 'fix-project-visibility-level-validation' into 'master' (Stan Hu, 2019-06-03, 3 files, -2/+18)
| |   Fix project visibility level validation
| |   Closes #59379
| |   See merge request gitlab-org/gitlab-ce!28305
| |   (cherry picked from commit 99637084b22abdf7b1f6d46daad80faf8181f3cd)
| |   b5540112 Fix project visibility level validation
| * Merge branch 'sh-revert-full-gc-after-import' into 'master' (Rémy Coutable, 2019-06-03, 2 files, -2/+2)
| |   Don't run full gc in AfterImportService
| |   Closes gitlab-ee#11556
| |   See merge request gitlab-org/gitlab-ce!28239
| |   (cherry picked from commit 4c16ce118498a2e3b98ad069000031fa9c55fcd3)
| |   36b1a2d7 Don't run full gc in AfterImportService
| * Merge branch 'ce-11099-removing-the-project-that-holds-the-insights-configuration-raises-an-error' into 'master' (Robert Speicher, 2019-06-03, 1 file, -0/+6)
| |   Add remove_foreign_key_if_exists
| |   See merge request gitlab-org/gitlab-ce!28172
| |   (cherry picked from commit 7b7416d9862f52fe0f0a304eeeaaa4b8d65bc8eb)
| |   24eff5e0 Add remove_foreign_key_if_exists
| * Merge branch '61203-fix-lfs-ui-upload' into 'master' (Nick Thomas, 2019-06-03, 3 files, -1/+32)
| |   Fix uploading of LFS tracked file through UI
| |   Closes #61203
| |   See merge request gitlab-org/gitlab-ce!28052
| |   (cherry picked from commit 4d2d812463256003ab943df90a9c603821078a69)
| |   3f192e8a Fix Lfs::FileTransformer to work with file objects
| |   48fcdf1f Add changelog entry
| * Merge branch 'sh-allow-equal-level-in-subgroup-membership' into 'master' (James Lopez, 2019-06-03, 6 files, -5/+20)
| |   Allow a member to have an access level equal to parent group
| |   Closes gitlab-ee#11323
| |   See merge request gitlab-org/gitlab-ce!27913
| |   (cherry picked from commit 2b3b0bb1847e5d910b3e5dc5e151f194c12d3907)
| |   32ddc3fe Allow a member to have an access level equal to parent group
| * Merge branch 'sh-11-10-upgrade-chrome-v73' into '11-10-stable-patch-6' (John Jarvis, 2019-06-03, 3 files, -2/+9)
| |\
| | |   Upgrade CI to use Chrome V73
| | |   See merge request gitlab-org/gitlab-ce!27863
| | * Upgrade CI to use Chrome V73 [sh-11-10-upgrade-chrome-v73] (Stan Hu, 2019-04-29, 1 file, -2/+2)
| | |   This backports https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27762 into the 11-10-stable branch in the hopes it resolves a number of flaky tests.
| | * Fix search dropdown being hidden immediately (Heinrich Lee Yu, 2019-04-29, 1 file, -0/+2)
| | |
| | * Gracefully handle undefined data in getTreeEntries() (Stan Hu, 2019-04-29, 1 file, -0/+5)
| | |
| * | Merge branch 'sh-gitaly-update-for-11-10' into '11-10-stable-patch-6' (John Jarvis, 2019-06-03, 2 files, -1/+6)
| |\ \
| | | |   [11.10] Use 3-way merge for squashing commits
| | | |   See merge request gitlab-org/gitlab-ce!28078
| | * | Use 3-way merge for squashing commits [sh-gitaly-update-for-11-10] (Stan Hu, 2019-05-03, 2 files, -1/+6)
| | | |   This upgrades Gitaly to 1.34.2 for 11-10-stable.
* | | | Update VERSION to 11.10.5 [v11.10.5] [11-10-stable-prepare-rc6] (GitLab Release Tools Bot, 2019-05-30, 1 file, -1/+1)
| | | |
* | | | Update CHANGELOG.md for 11.10.5 (GitLab Release Tools Bot, 2019-05-30, 13 files, -60/+18)
| | | |   [ci skip]
* | | | Merge branch 'osw-disable-dns-rebind-protection-settings-11-10' into '11-10-stable' (GitLab Release Tools Bot, 2019-05-30, 14 files, -13/+184)
|\ \ \ \
| | | | |   Add DNS rebinding protection settings
| | | | |   See merge request gitlab/gitlabhq!3131
| * | | | Rename UrlBlocker argument: schemes -> protocols (Stan Hu, 2019-05-29, 1 file, -1/+1)
| | | | |   This was renamed in GitLab 11.11, so the backport needs to use the original name.
| * | | | Use Rails migration v5.0 for GitLab 11.10 (Stan Hu, 2019-05-29, 1 file, -1/+1)
| | | | |
| * | | | Add changelog (Oswaldo Ferreira, 2019-05-29, 1 file, -0/+5)
| | | | |
| * | | | Add DNS rebinding protection settings (Oswaldo Ferreira, 2019-05-29, 13 files, -13/+179)
|/ / / /
* | | | Merge branch 'security-60143-address-xss-issue-11.10' into '11-10-stable' (GitLab Release Tools Bot, 2019-05-28, 3 files, -0/+55)
|\ \ \ \
| | | | |   Reject slug+uri concat if slug is deemed unsafe
| | | | |   See merge request gitlab/gitlabhq!3106
| * | | | Reject slug+uri concat if slug is deemed unsafe (Kerri Miller, 2019-05-27, 3 files, -0/+55)
| |/ / /
| | | |   First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
| | | |
| | | |   When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed.
| | | |
| | | |   Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to do with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
* | | | Merge branch 'security-58856-persistent-xss-11-10' into '11-10-stable' (GitLab Release Tools Bot, 2019-05-28, 6 files, -3/+41)
|\ \ \ \
| | | | |   Persistent XSS in note objects CE
| | | | |   See merge request gitlab/gitlabhq!3080
| * | | | Change `prohibited_key` to use regexes (charlieablett, 2019-05-01, 1 file, -4/+2)
| | | | |
| * | | | Add `html` to sensitive words (charlieablett, 2019-05-01, 3 files, -2/+4)
| | | | |
| * | | | Add changelog entry (charlieablett, 2019-04-30, 1 file, -0/+5)
| | | | |
| * | | | Ensure Issue & MR note_html cannot be imported (Ash McKenzie, 2019-04-30, 2 files, -14/+16)
| | | | |
| * | | | Add newline to AttributeCleaner (charlieablett, 2019-04-30, 1 file, -1/+1)
| | | | |
| * | | | Refactor AttributeCleaner` for readability (charlieablett, 2019-04-30, 1 file, -2/+3)
| | | | |
| * | | | Refactor AttributeCleaner` for readability (charlieablett, 2019-04-30, 1 file, -7/+2)
| | | | |
| * | | | Tighten up prohibited_key method (charlieablett, 2019-04-26, 1 file, -4/+3)
| | | | |
| * | | | Add disallowed fields to AttributeCleaner (charlieablett, 2019-04-24, 3 files, -2/+38)
| | | | |
* | | | | Merge branch 'security-fix-project-existence-disclosure-11-10' into '11-10-stable' (GitLab Release Tools Bot, 2019-05-28, 3 files, -16/+28)
|\ \ \ \ \
| | | | | |   Fix url redaction for issue links
| | | | | |   See merge request gitlab/gitlabhq!3090
| * | | | | Fix url redaction for issue links (Patrick Derichs, 2019-05-06, 3 files, -16/+28)
| | |_|/ /
| |/| | |
* | | | | Merge branch 'security-60039-11-10' into '11-10-stable' (GitLab Release Tools Bot, 2019-05-28, 8 files, -33/+144)
|\ \ \ \ \
| | | | | |   Disallow invalid MR branch name
| | | | | |   See merge request gitlab/gitlabhq!3094
| * | | | | Validate MR branch names (Mark Chao, 2019-05-06, 8 files, -33/+144)
| |/ / / /
| | | | |   Prevents refspec as branch name, which would bypass branch protection when used in conjunction with rebase.
| | | | |
| | | | |   HEAD seems to be a special case with lots of occurrences, so it is considered valid for now. Another special case is `refs/head/*`, which can be imported.
* | | | | Merge branch 'security-unsubscribing-from-issue-11-10' into '11-10-stable' (GitLab Release Tools Bot, 2019-05-28, 4 files, -11/+111)
|\ \ \ \ \
| | | | | |   Hide issue title on unsubscribe for anonymous users
| | | | | |   See merge request gitlab/gitlabhq!3100